
73 matches found

Cvelist
added 2026/06/19 7:21 p.m. | 20 views

CVE-2026-49344 Mercator has a Personal Identifiable Information Leak from Query Executor feature

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

CVSS 7.1 | EPSS 0.00281
Exploits: 0 | References: 1

CVE
added 2026/06/19 7:21 p.m. | 12 views

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/19 12:0 a.m. | 9 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions: Mercator versions prior to 2025.05.19. Description: The Query Engine allows authenticated users to execute queries via a JSON DSL (Domain Specific Language), which is a specialized language used to define data queries. The controller method...

CVSS 7.1 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: uriparser (CVE-2024-34402)

The version of uriparser installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34402 advisory. - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer...

CVSS 8.6 | AI score 6.2 | EPSS 0.01233
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/13 11:20 p.m. | 8 views

CVE-2024-58339

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | AI score 7.4 | EPSS 0.00568
Exploits: 1 | References: 1

NVD
added 2026/01/12 11:15 p.m. | 4 views

CVE-2024-58339

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | EPSS 0.00568
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/12 11:4 p.m. | 3 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | AI score 7.1 | EPSS 0.00568
Exploits: 1 | References: 4

Cvelist
added 2026/01/12 11:4 p.m. | 19 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | EPSS 0.00568
Exploits: 1 | References: 4

CVE
added 2026/01/12 11:4 p.m. | 21 views

CVE-2024-58339

Summary: CVE-2024-58339 affects LlamaIndex up to 0.12.2, due to an uncontrolled resource‑consumption path in the VannaQueryEngine. The vulnerable code is in llama_index/packs/vanna/base.py, inside custom_query(), where SQL is generated from a user‑supplied prompt and executed via vn.run_sql() wit...

CVSS 8.7 | AI score 7.1 | EPSS 0.00568
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2016-0351

Malware in sbrugna...

CVSS 5.4 | AI score 5.8 | EPSS 0.00615
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2015-7408

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.00963
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-0352

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.00935
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-10506

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00952
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-6519

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.02402
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-31363

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00423
Exploits: 0 | References: 1

vulnersOsv
added 2025/07/07 10:44 a.m. | 1 views

airunner (>=3.0.0 <=3.1.14), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2025-3225 via llama-index-readers-web (>=0.0.1 <=0.3.5)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2025-3225 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-10645574...

CVSS 7.5 | AI score 7 | EPSS 0.00415
Exploits: 1

RedhatCVE
added 2025/05/22 7:41 p.m. | 8 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVSS 6.5 | AI score 6.9 | EPSS 0.00704
Exploits: 0 | References: 1

vulnersOsv
added 2025/03/20 12:32 p.m. | 12 views

airunner (>=3.0.0 <=3.1.7), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2024-12910 via llama-index-readers-web (>=0.0.1 <=0.2.4)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2024-12910 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-9510943...

CVSS 5.9 | AI score 5.8 | EPSS 0.0064
Exploits: 1

Microsoft CVE
added 2025/03/14 7:0 a.m. | 4 views

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

CVSS 8.6 | AI score 7 | EPSS 0.01233
Exploits: 0

CNNVD
added 2024/11/23 12:0 a.m. | 3 views

IBM Db2 and IBM Watson Query code issue vulnerability

IBM Db2 and IBM Watson Query are both products of the International Business Machines (IBM) Corporation. IBM Db2 is a relational database management system. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Watson Query is a general purpose query engine. Distributed and...

CVSS 6.5 | AI score 6.4 | EPSS 0.00352
Exploits: 0 | References: 2